Study of Cloud and Data Center Networking Security Architecture

doi:10.3969/j.issn.1671-1122.2016.09.020

Abstract

Abstract:

With the development of visualization technologies and Software Defined Data Center (SDDC), data center becomes agile, elastic and efficient. It requires security service running on it which also carry the same characteristics and beyond. Security solution designed for physical network and physical server cannot be deployed into virtualized data center. This paper proposes a distributed architecture for data center network security solution. The components of this solution are distributed into data center. The security service is elastic, agile and efficient. It supports work load migration and security service scale out, and multiple hypervisors and multiple types of data center deployments. This paper describes how this architecture can support several key requirements from data center, like micro-segmentation, visibility, and network behavior correlation, and several deployments on multiple data centers.

Key words: network security in data center, software defined security, software defined data center, virtualized security appliance

CLC Number:

TP309

Ye ZHANG, Jin SHANG, Dongyi JIANG. Study of Cloud and Data Center Networking Security Architecture[J]. Netinfo Security, 2016, 16(9): 98-103.

Figures/Tables 6

References 10

[1]	李宏军, 郎为民,邓刚. 一种高效的大数据中心完整性检查方案研究[J]. 信息网络安全,2016(5):1-8.
[2]	CHRISTY P. Securing the Next-Generation Data Center with Software-Defined Security[EB/OL].,2015-9-15.
[3]	SHACKLEFORD D. The State of Dynamic Data Center and Cloud Security in the Modern Enterprise[EB/OL]. , 2015-10-15.
[4]	程思嘉,张昌宏,潘帅卿. 基于CP-ABE算法的云存储数据访问控制方案设计[J]. 信息网络安全,2016(2):1-6.
[5]	裘晓峰,赵粮,高腾. VSA和SDS: 两种SDN网络安全架构的研究[J]. 小型微型计算机系统,2013,34(10):2298-2303.
[6]	王刚. 一种基于SDN技术的多区域安全云计算架构研究[J]. 信息网络安全,2015(9):20-24.
[7]	刘文懋. 软件定义的企业级数据中心网络安全研究[J]. 电信科学,2014,30(11):140-144.
[8]	刘文懋,裘晓峰,陈鹏程,等. 面向SDN环境的软件定义安全架构[J]. 计算机科学与探索,2015, 9(1): 63-70.
[9]	袁慧萍. 银行数据中心信息安全等级保护研究与实践[J]. 信息网络安全,2015(4):86-89.
[10]	CloudPassage. What CSOs Need To Know About Software-Defined Security[EB/OL]. , 2016-1-15.

[1]	Zhiyan ZHAO, Xiaomo JI. Research on the Intelligent Fusion Model of Network Security Situation Awareness [J]. Netinfo Security, 2020, 20(4): 87-93.
[2]	Min LIU, Shuhui CHEN. Research on VoLTE Traffic Based on Association Fusion [J]. Netinfo Security, 2020, 20(4): 81-86.
[3]	Lingyu BIAN, Linlin ZHANG, Kai ZHAO, Fei SHI. Ethereum Malicious Account Detection Method Based on LightGBM [J]. Netinfo Security, 2020, 20(4): 73-80.
[4]	Yifeng DU, Yuanbo GUO. A Dynamic Access Control Method for Fog Computing Based on Trust Value [J]. Netinfo Security, 2020, 20(4): 65-72.
[5]	Zhizhou FU, Liming WANG, Ding TANG, Shuguang ZHANG. HBase Secondary Ciphertext Indexing Method Based on Homomorphic Encryption [J]. Netinfo Security, 2020, 20(4): 55-64.
[6]	Rong WANG, Chunguang MA, Peng WU. An Intrusion Detection Method Based on Federated Learning and Convolutional Neural Network [J]. Netinfo Security, 2020, 20(4): 47-54.
[7]	Xiaoli DONG, Shuai SHANG, Jie CHEN. Impossible Differential Attacks on 9-Round Block Cipher Rijndael-192 [J]. Netinfo Security, 2020, 20(4): 40-46.
[8]	Chun GUO, Changqing CHEN, Guowei SHEN, Chaohui JIANG. A Ransomware Classification Method Based on Visualization [J]. Netinfo Security, 2020, 20(4): 31-39.
[9]	Lu CHEN, Yajie SUN, Liqiang ZHANG, Yun CHEN. A Scheme of Measurement for Terminal Equipment Based on DICE in IoT [J]. Netinfo Security, 2020, 20(4): 21-30.
[10]	Jinfang JIANG, Guangjie HAN. Survey of Trust Management Mechanism in Wireless Sensor Network [J]. Netinfo Security, 2020, 20(4): 12-20.
[11]	Jianwei LIU, Yiran HAN, Bin LIU, Beiyuan YU. Research on 5G Network Slicing Security Model [J]. Netinfo Security, 2020, 20(4): 1-11.
[12]	Peng LIU, Qian HE, Wangyang LIU, Xu CHENG. CP-ABE Scheme Supporting Attribute Revocation and Outsourcing Decryption [J]. Netinfo Security, 2020, 20(3): 90-97.
[13]	Yubo SONG, Ming FAN, Junjie YANG, Aiqun HU. Multipath Solution and Blocking Method of Network Attack Traffic Based on Topology Analysis [J]. Netinfo Security, 2020, 20(3): 9-17.
[14]	Tengfei WANG, Manchun CAI, Tianliang LU, Ting YUE. IPv6 Network Attack Source Tracing Method Based on iTrace_v6 [J]. Netinfo Security, 2020, 20(3): 83-89.
[15]	Yi ZHANG, Hongyan LIU, Hequn XIAN, Chengliang TIAN. A Cloud Storage Encrypted Data Deduplication Method Based on Authorization Records [J]. Netinfo Security, 2020, 20(3): 75-82.